Bump version to 3.5.0 (#1545)

* bump version to 3.5.0

Signed-off-by: liga-oz <[email protected]>

* update CHANGELOG.md

Signed-off-by: liga-oz <[email protected]>

---------

Signed-off-by: liga-oz <[email protected]>

CHANGELOG.md

@@ -3,23 +3,37 @@ All notable changes to this project will be documented in this file.
 
 
 ## 3.5.0
-- [java-api] `ClientIdentity` interface has been extended with 2 new methods `getCertificateChain()`
-  and `getPrivateKey()`
-  and `ClientCertificate` class has been extended with new constructor that takes `java.security.cert.Certificate[]`
-  and `java.security.PrivateKey` as an argument and corresponding getters for these fields.
+- [java-api]
+  - `ClientIdentity` interface has been extended with 2 new methods `getCertificateChain()`
+    and `getPrivateKey()`
+    and `ClientCertificate` class has been extended with new constructor that takes `java.security.cert.Certificate[]`
+    and `java.security.PrivateKey` as an argument and corresponding getters for these fields.
+  - `user_token` grant type has been re-added to `GrantType` enum
 - [token-client] `SSLContextFactory` class has been extended and supports Keys in PKCS#8 format with ECC algorithm.
 - [spring-security]
   - fixed NPE in IdentityServicesPropertySourceFactory on application startup when bound to a list of XSUAA services
     whose service plans are ALL not supported
   - provides an autoconfiguration that creates an Identity Service JwtDecoder with enabled proof token check. To enable
     it, set the `sap.spring.security.identity.prooftoken` spring property to true.
+  - Fixes an issue with MockMvc when the SecurityContexts are synced. It sets SecurityContextStrategy based on an
+    EnvironmentPostProcessor as in this scenario the servlet initialization is not happening and the code runs too late
+    due to that.
+
+#### Dependency upgrades
 
+- Bump io.projectreactor:reactor-core from 3.6.5 to 3.6.6
+- Bump com.nimbusds:nimbus-jose-jwt from 9.37.3 to 9.39.1
+- Bump spring.core.version from 6.1.6 to 6.1.7
 
 ## 3.4.3
-- [spring-security] improved custom SecurityContextStrategy registration for the `SecurityContextAutoConfiguration` class. It uses `ServletContextInitializer` to hook early into the initialization phase.
+
+- [spring-security] improved custom SecurityContextStrategy registration for the `SecurityContextAutoConfiguration`
+  class. It uses `ServletContextInitializer` to hook early into the initialization phase.
 
 #### Dependency upgrades
-- Bump [com.sap.cloud.environment.servicebinding:java-bom](https://github.com/SAP/btp-environment-variable-access) from 0.10.4 to 0.10.5.
+
+- Bump [com.sap.cloud.environment.servicebinding:java-bom](https://github.com/SAP/btp-environment-variable-access) from
+  0.10.4 to 0.10.5.
 
 ## 3.4.2
 

README.md

@@ -126,7 +126,7 @@ The SAP Cloud Security Services Integration is published to maven central: https
         <dependency>
             <groupId>com.sap.cloud.security</groupId>
             <artifactId>java-bom</artifactId>
-            <version>3.4.3</version>
+            <version>3.5.0</version>
             <scope>import</scope>
             <type>pom</type>
         </dependency>

bom/pom.xml

@@ -8,7 +8,7 @@
 
     <groupId>com.sap.cloud.security</groupId>
     <artifactId>java-bom</artifactId>
-    <version>3.4.3</version>
+    <version>3.5.0</version>
     <packaging>pom</packaging>
     <name>java-bom</name>
 

env/pom.xml

@@ -9,7 +9,7 @@
     <parent>
         <groupId>com.sap.cloud.security.xsuaa</groupId>
         <artifactId>parent</artifactId>
-        <version>3.4.3</version>
+        <version>3.5.0</version>
     </parent>
 
     <groupId>com.sap.cloud.security</groupId>

java-api/README.md

@@ -5,6 +5,6 @@
 <dependency>
     <groupId>com.sap.cloud.security</groupId>
     <artifactId>java-api</artifactId>
-    <version>3.4.3</version>
+    <version>3.5.0</version>
 </dependency>
 ```

java-api/pom.xml

@@ -9,7 +9,7 @@
 	<parent>
 		<groupId>com.sap.cloud.security.xsuaa</groupId>
 		<artifactId>parent</artifactId>
-		<version>3.4.3</version>
+		<version>3.5.0</version>
 	</parent>
 
 	<groupId>com.sap.cloud.security</groupId>

java-security-it/pom.xml

@@ -9,7 +9,7 @@
     <parent>
         <artifactId>parent</artifactId>
         <groupId>com.sap.cloud.security.xsuaa</groupId>
-        <version>3.4.3</version>
+        <version>3.5.0</version>
     </parent>
 
     <artifactId>java-security-it</artifactId>

java-security-test/README.md

@@ -40,7 +40,7 @@ It is pre-configured with a security filter that only accepts valid tokens. Furt
 <dependency>
     <groupId>com.sap.cloud.security</groupId>
    <artifactId>java-security-test</artifactId>
-   <version>3.4.3</version>
+   <version>3.5.0</version>
    <scope>test</scope>
 </dependency>
 ```

java-security-test/pom.xml

@@ -9,7 +9,7 @@
 	<parent>
 		<groupId>com.sap.cloud.security.xsuaa</groupId>
 		<artifactId>parent</artifactId>
-		<version>3.4.3</version>
+		<version>3.5.0</version>
 	</parent>
 
 	<groupId>com.sap.cloud.security</groupId>

java-security/README.md

@@ -67,7 +67,7 @@ To be able to validate tokens it performs the following tasks:
 <dependency>
     <groupId>com.sap.cloud.security</groupId>
     <artifactId>java-security</artifactId>
-    <version>3.4.3</version>
+    <version>3.5.0</version>
 </dependency>
 <dependency>
     <groupId>org.apache.httpcomponents</groupId>

java-security/pom.xml

@@ -9,7 +9,7 @@
 	<parent>
 		<groupId>com.sap.cloud.security.xsuaa</groupId>
 		<artifactId>parent</artifactId>
-		<version>3.4.3</version>
+		<version>3.5.0</version>
 	</parent>
 
 	<groupId>com.sap.cloud.security</groupId>

pom.xml

@@ -7,7 +7,7 @@
 
 	<groupId>com.sap.cloud.security.xsuaa</groupId>
 	<artifactId>parent</artifactId>
-	<version>3.4.3</version>
+	<version>3.5.0</version>
 	<packaging>pom</packaging>
 
 	<name>parent</name>

samples/java-security-usage-ias/pom.xml

@@ -6,13 +6,13 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.sap.cloud.security.xssec.samples</groupId>
     <artifactId>java-security-usage-ias</artifactId>
-    <version>3.4.3</version>
+    <version>3.5.0</version>
     <packaging>war</packaging>
 
     <properties>
         <maven.compiler.source>17</maven.compiler.source>
         <maven.compiler.target>17</maven.compiler.target>
-        <sap.cloud.security.version>3.4.3</sap.cloud.security.version>
+        <sap.cloud.security.version>3.5.0</sap.cloud.security.version>
         <slf4j.api.version>2.0.5</slf4j.api.version>
         <apache.httpclient.version>4.5.14</apache.httpclient.version>
         <jakarta.servlet.api.version>6.0.0</jakarta.servlet.api.version>

samples/java-security-usage/pom.xml

@@ -6,7 +6,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.sap.cloud.security.xssec.samples</groupId>
     <artifactId>java-security-usage</artifactId>
-    <version>3.4.3</version>
+    <version>3.5.0</version>
     <packaging>war</packaging>
 
     <!--profiles>
@@ -27,7 +27,7 @@
     <properties>
         <maven.compiler.source>17</maven.compiler.source>
         <maven.compiler.target>17</maven.compiler.target>
-        <sap.cloud.security.version>3.4.3</sap.cloud.security.version>
+        <sap.cloud.security.version>3.5.0</sap.cloud.security.version>
         <slf4j.api.version>2.0.5</slf4j.api.version>
         <apache.httpclient.version>4.5.14</apache.httpclient.version>
         <jakarta.servlet.api.version>6.0.0</jakarta.servlet.api.version>

samples/java-tokenclient-usage/pom.xml

@@ -6,13 +6,13 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.sap.cloud.security.xssec.samples</groupId>
     <artifactId>java-tokenclient-usage</artifactId>
-    <version>3.4.3</version>
+    <version>3.5.0</version>
     <packaging>war</packaging>
 
     <properties>
         <maven.compiler.source>17</maven.compiler.source>
         <maven.compiler.target>17</maven.compiler.target>
-        <sap.cloud.security.version>3.4.3</sap.cloud.security.version>
+        <sap.cloud.security.version>3.5.0</sap.cloud.security.version>
         <apache.httpclient.version>4.5.14</apache.httpclient.version>
         <jakarta.servlet.api.version>6.0.0</jakarta.servlet.api.version>
         <slf4j.api.version>2.0.5</slf4j.api.version>

samples/sap-java-buildpack-api-usage/pom.xml

@@ -6,7 +6,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.sap.cloud.security.xssec.samples</groupId>
 	<artifactId>sap-java-buildpack-api-usage</artifactId>
-	<version>3.4.3</version>
+	<version>3.5.0</version>
 	<packaging>war</packaging>
 
 	<properties>

samples/spring-security-basic-auth/pom.xml

@@ -13,14 +13,14 @@
 	</parent>
 
 	<artifactId>spring-security-basic-auth</artifactId>
-	<version>3.4.3</version>
+	<version>3.5.0</version>
 	<name>spring-security-basic-auth</name>
 
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
 		<java.version>17</java.version>
-		<sap.cloud.security.version>3.4.3</sap.cloud.security.version>
+		<sap.cloud.security.version>3.5.0</sap.cloud.security.version>
 	</properties>
 
 	<dependencyManagement>
@@ -72,7 +72,7 @@
 		<dependency>
 			<groupId>com.sap.cloud.security</groupId>
 			<artifactId>java-security-test</artifactId>
-			<version>3.4.3</version>
+			<version>3.5.0</version>
 			<scope>test</scope>
 		</dependency>
 	</dependencies>

samples/spring-security-hybrid-usage/pom.xml

@@ -16,7 +16,7 @@
 
 	<groupId>com.sap.cloud.security.samples</groupId>
 	<artifactId>spring-security-hybrid-usage</artifactId>
-	<version>3.4.3</version>
+	<version>3.5.0</version>
 
 	<properties>
 		<!-- 
@@ -28,7 +28,7 @@
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
 		<java.version>17</java.version>
-		<sap.cloud.security.version>3.4.3</sap.cloud.security.version>
+		<sap.cloud.security.version>3.5.0</sap.cloud.security.version>
 		<apache.httpclient.version>4.5.14</apache.httpclient.version>
 	</properties>
 

samples/spring-security-xsuaa-usage/pom.xml

@@ -16,7 +16,7 @@
 
 	<groupId>com.sap.cloud.security.samples</groupId>
 	<artifactId>spring-security-xsuaa-usage</artifactId>
-	<version>3.4.3</version>
+	<version>3.5.0</version>
 	<name>spring-security-xsuaa-usage</name>
 
 	<properties>
@@ -29,7 +29,7 @@
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
 		<java.version>17</java.version>
-		<sap.cloud.security.version>3.4.3</sap.cloud.security.version>
+		<sap.cloud.security.version>3.5.0</sap.cloud.security.version>
 		<http.client5>5.2.1</http.client5>
 	</properties>
 

samples/spring-webflux-security-hybrid-usage/pom.xml

@@ -14,12 +14,12 @@
 
     <groupId>com.sap.cloud.security.samples</groupId>
     <artifactId>spring-webflux-security-hybrid-usage</artifactId>
-    <version>3.4.3</version>
+    <version>3.5.0</version>
     <name>spring-webflux-security-hybrid-usage</name>
 
     <properties>
         <java.version>17</java.version>
-        <sap.cloud.security.version>3.4.3</sap.cloud.security.version>
+        <sap.cloud.security.version>3.5.0</sap.cloud.security.version>
     </properties>
 
     <dependencyManagement>

spring-security-compatibility/pom.xml

@@ -9,7 +9,7 @@
     <parent>
         <groupId>com.sap.cloud.security.xsuaa</groupId>
         <artifactId>parent</artifactId>
-        <version>3.4.3</version>
+        <version>3.5.0</version>
     </parent>
 
     <groupId>com.sap.cloud.security.xsuaa</groupId>

spring-security-starter/pom.xml

@@ -16,7 +16,7 @@
 	<parent>
 		<groupId>com.sap.cloud.security.xsuaa</groupId>
 		<artifactId>parent</artifactId>
-		<version>3.4.3</version>
+		<version>3.5.0</version>
 	</parent>
 
 	<groupId>com.sap.cloud.security</groupId>

spring-security/Migration_SpringXsuaaProjects.md

@@ -157,7 +157,7 @@ It is provided in an extra module. This maven dependency needs to be provided ad
 <dependency>
     <groupId>com.sap.cloud.security.xsuaa</groupId>
     <artifactId>spring-security-compatibility</artifactId>
-    <version>3.4.3</version>
+    <version>3.5.0</version>
 </dependency>
 ```
 

spring-security/README.md

@@ -67,7 +67,7 @@ These (spring) dependencies need to be provided:
 <dependency>
     <groupId>com.sap.cloud.security</groupId>
     <artifactId>resourceserver-security-spring-boot-starter</artifactId>
-    <version>3.4.3</version>
+    <version>3.5.0</version>
 </dependency>
 ```
 

spring-security/pom.xml

@@ -9,13 +9,13 @@
 	<parent>
 		<groupId>com.sap.cloud.security.xsuaa</groupId>
 		<artifactId>parent</artifactId>
-		<version>3.4.3</version>
+		<version>3.5.0</version>
 	</parent>
 
 	<groupId>com.sap.cloud.security</groupId>
 	<artifactId>spring-security</artifactId>
 	<packaging>jar</packaging>
-	<version>3.4.3</version>
+	<version>3.5.0</version>
 
 	<dependencies>
 <!--		TODO remove once spring-security-oauth2-jose has a newer version with updated nimbus dependency-->

spring-xsuaa-it/pom.xml

@@ -14,12 +14,12 @@
 
 	<artifactId>spring-xsuaa-it</artifactId>
 	<name>spring-xsuaa-it</name>
-	<version>3.4.3</version>
+	<version>3.5.0</version>
 
 	<properties>
 		<mockwebserver.version>4.10.0</mockwebserver.version>
 		<java.version>17</java.version>
-		<sap.cloud.security.version>3.4.3</sap.cloud.security.version>
+		<sap.cloud.security.version>3.5.0</sap.cloud.security.version>
 	</properties>
 
 	<dependencyManagement>

spring-xsuaa-starter/pom.xml

@@ -16,7 +16,7 @@
 	<parent>
 		<groupId>com.sap.cloud.security.xsuaa</groupId>
 		<artifactId>parent</artifactId>
-		<version>3.4.3</version>
+		<version>3.5.0</version>
 	</parent>
 
 	<artifactId>xsuaa-spring-boot-starter</artifactId>

spring-xsuaa-test/README.md

@@ -31,7 +31,7 @@ This includes for example a `JwtGenerator` that generates JSON Web Tokens (JWT)
 <dependency>
     <groupId>com.sap.cloud.security.xsuaa</groupId>
     <artifactId>spring-xsuaa-test</artifactId>
-    <version>3.4.3</version>
+    <version>3.5.0</version>
     <scope>test</scope>
 </dependency>
 

spring-xsuaa-test/pom.xml

@@ -9,7 +9,7 @@
 	<parent>
 		<groupId>com.sap.cloud.security.xsuaa</groupId>
 		<artifactId>parent</artifactId>
-		<version>3.4.3</version>
+		<version>3.5.0</version>
 	</parent>
 
 	<artifactId>spring-xsuaa-test</artifactId>

spring-xsuaa/README.md

@@ -39,7 +39,7 @@ These (spring) dependencies need to be provided:
 <dependency>
     <groupId>com.sap.cloud.security.xsuaa</groupId>
     <artifactId>spring-xsuaa</artifactId>
-    <version>3.4.3</version>
+    <version>3.5.0</version>
 </dependency>
 <dependency> <!-- new with version 1.5.0 -->
     <groupId>org.apache.logging.log4j</groupId>
@@ -53,7 +53,7 @@ These (spring) dependencies need to be provided:
 <dependency>
     <groupId>com.sap.cloud.security.xsuaa</groupId>
     <artifactId>xsuaa-spring-boot-starter</artifactId>
-    <version>3.4.3</version>
+    <version>3.5.0</version>
 </dependency>
 ```
 

spring-xsuaa/pom.xml

@@ -9,7 +9,7 @@
 	<parent>
 		<groupId>com.sap.cloud.security.xsuaa</groupId>
 		<artifactId>parent</artifactId>
-		<version>3.4.3</version>
+		<version>3.5.0</version>
 	</parent>
 
 	<artifactId>spring-xsuaa</artifactId>